Systems and Methods for Distributing Spam Signatures

1. A computer-implemented method for distributing spam signatures, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying a set of spam emails; identifying a plurality of clients, each client in the plurality of clients having received at least one email in the set of spam emails; identifying at least one probable mailing list by analyzing email patterns in information received from the plurality of clients to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails; receiving, from a client on the at least one probable mailing list, a request to pre-fetch spam signatures; in response to the request to pre-fetch spam signatures, creating a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list, wherein creating the set of recipient-specific spam signatures comprises: identifying a subset of clients in the plurality of clients that belong to the at least one probable mailing list; determining that the subset of clients have received an additional spam email; including the additional spam email in the set of spam emails such that a signature of the additional spam email is included in the set of recipient-specific spam signatures; transmitting the set of recipient-specific spam signatures to the client such that the client is enabled to filter spam messages sent to the one or more additional clients and skip making individual queries for emails identified within the set of recipient-specific spam signatures, wherein: at least one of the identifying, receiving, creating, and transmitting steps are performed by the computing device comprising the at least one processor.

2. The computer-implemented method of claim 1 , wherein identifying the subset of clients comprises randomly selecting clients from the plurality of clients.

3. The computer-implemented method of claim 1 , wherein the subset of clients comprises at least one honeypot client, the honeypot client comprising an email address created for the sole purpose of receiving spam emails.

4. The computer-implemented method of claim 1 , wherein each client in the subset of clients, other than the client prefetching spam signatures, comprises a honeypot client created for the sole purpose of receiving spam emails.

5. The computer-implemented method of claim 1 , wherein creating a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list comprises: determining when the client last requested information identifying spam; determining that the set of spam emails were associated with the at least one probable mailing list after the client last requested information identifying spam.

6. The computer-implemented method of claim 1 , wherein receiving the request to pre-fetch spam signatures comprising transmitting information identifying another spam email received at the client.

7. The computer-implemented method of claim 1 , wherein the client sends the request to pre-fetch spam signatures in response to an email program on the client opening.

8. The computer-implemented method of claim 1 , wherein the client sends the request to pre-fetch spam signatures in response to an email program on the client attempting to fetch new emails.

9. A system for distributing spam signatures, the system comprising: an identification module programmed to: identify a set of spam emails; identify a plurality of clients, each client in the plurality of clients having received at least one email in the set of spam emails; an association module programmed to: identify at least one probable mailing list by analyzing email patterns in information received from the plurality of clients to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails; receive, from a client on the at least one probable mailing list, a request to pre-fetch spam signatures; in response to the request to pre-fetch spam signatures, create a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list, wherein the association module is programmed to create the set of recipient-specific spam signatures by: identifying a subset of clients in the plurality of clients that belong to the at least one probable mailing list; determining that the subset of clients have received an additional spam email; including the additional spam email in the set of spam emails such that a signature of the additional spam email is included in the set of recipient-specific spam signatures; a transmission module programmed to transmit the set of recipient-specific spam signatures to the client such that the client is enabled to filter spam messages sent to the one or more additional clients and skip making individual queries for emails identified within the set of recipient-specific spam signatures; at least one processor configured to execute the identification module, the association module, and the transmission module.

10. The system of claim 9 , wherein the request to pre-fetch spam signatures comprises a request for information about new or additional spam emails sent via one or more mailing lists of which the client is a member.

11. The system of claim 9 , wherein: the association module is programmed to determine the client belongs to a plurality of mailing lists; determining that the client belongs to a plurality of mailing lists comprises identifying the at least one probable mailing list.

12. The system of claim 11 , wherein the association module is programmed to create the set of recipient-specific spam signatures specific to the client by: identifying a subset of clients for each of the plurality of mailing lists; examining a union of the subset of clients; identifying the set of spam emails by identifying spam emails received by clients in the union.

13. The system of claim 9 , wherein the association module is programmed to identify the set of spam emails sent to one or more additional clients on the at least one probable mailing list by, for each additional email in the set of spam emails, determining that a predetermined proportion of the one or more additional clients on the at least one probable mailing list received the additional email.

14. The system of claim 9 , wherein the transmission module is programmed to transmit the set of recipient-specific spam signatures to the client by: determining when the client last requested information identifying spam; determining that the set of spam emails was associated with the at least one probable mailing list after the client last requested information identifying spam.

15. The system of claim 9 , wherein the association module is programmed to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails by randomly selecting a subset of clients that belong to the at least one probable mailing list.

16. The system of claim 9 , wherein the at least one probable mailing list comprises a plurality of clients that are likely to be targets of a common set or class of communications from a common source.

17. The system of claim 9 , wherein the association module is programmed to analyze email patterns in information received from the plurality of clients by identifying one or more groups of clients that received substantially similar or equivalent emails messages within a certain time period.

18. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to: identify a set of spam emails; identify a plurality of clients, each client in the plurality of clients having received at least one email in the set of spam emails; identify at least one probable mailing list by analyzing email patterns in information received from the plurality of clients to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails; receive, from a client on the at least one probable mailing list, a request to pre-fetch spam signatures; in response to the request to pre-fetch spam signatures, create a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list, wherein creating the set of recipient-specific spam signatures comprises: identifying a subset of clients in the plurality of clients that belong to the at least one probable mailing list; determining that the subset of clients have received an additional spam email; including the additional spam email in the set of spam emails such that a signature of the additional spam email is included in the set of recipient-specific spam signatures; transmit the set of recipient-specific spam signatures to the client such that the client is enabled to filter spam messages sent to the one or more additional clients and skip making individual queries for emails identified within the set of recipient-specific spam signatures.

19. The non-transitory computer-readable-storage medium of claim 18 , wherein the one or more computer-executable instructions that are further programmed to cause the computing device to revise the at least one probable mailing list as new reports of spam emails are received from the plurality of clients.